Patching Etcd and Vault

Caution:

Ensure that all preparation steps for system patching have been completed. For instructions, see Prepare for Appliance Patching.

The secret service contains two components that need to be patched separately in this particular order: first Etcd, then Vault.

The Etcd and Vault patches are rolling patches: each patch is executed on all three management nodes with one command.

Note:

In software version 3.0.2-b892153 and later all patch operations are based on the upgrade plan, which is generated when the pre-upgrade command is executed. For more information, see Set Up New Software Sources for Patching. When a component is already at the required version, the patch operation is skipped. However, patching with the same version can be forced using the Service Web UI or Service CLI command option (force=True), if necessary.

Ensure you perform a system backup before you apply a patch. See the Backup and Restore section of the Oracle Private Cloud Appliance Administrator Guide.

Using the Service Web UI

1. In the navigation menu, go to the Maintenance section and click Upgrade Plan. This provides an overview of current and target component versions.

2. Click Upgrade & Patching to display the Upgrade Jobs page.

3. In the top-right corner of the Upgrade Jobs page, click Create Upgrade or Patch.

   The Create Request window appears. Choose Patch as the Request Type.

4. Select the appropriate patch request type: Patch Etcd.

5. If required, fill out the patch parameters:

   • Advanced Options JSON: Not available.

   • Log Level: Optionally, select a specific log level for the upgrade log file. The default log level is "Information". For maximum detail, select "Debug".

   • Alternative ULN Channel: This parameter forces the request to use a non-standard ULN channel. Do not use this option unless Oracle explicitly instructs you to do so.

   • Verify Only: Enable this option to run the operation in verification only mode.

   • Force: Enable this option to force the operation. Use only when instructed by Oracle.

6. Click Create Request.

   The new patch request appears in the Upgrade Jobs table.

7. When the Etcd patch has completed successfully, repeat this procedure to create a patch for Vault.

Using the Service CLI

1. Enter the two patch commands. Wait until the Etcd patch operation is finished before starting the Vault patch operation.

   PCA-ADMIN> patchEtcd
   Command: patchEtcd
   Status: Success
   Time: 2022-01-24 18:43:56.849 UTC
   Data: Service request has been submitted.  Upgrade Job ID = 1642593966208-etcd-6066 \
   Upgrade Request ID = UWS-1ee38895-dedf-41c5-ab77-eebe294707ed
   
   PCA-ADMIN> patchVault
   Command: patchVault
   Status: Success
   Time: 2022-01-24 18:48:21.841 UTC
   Data: Service request has been submitted.  Upgrade Job ID = 1642594274785-vault-29202 \
   Upgrade Request ID = UWS-77bc0c30-7ff5-4c50-ad09-6f96907e22e1

2. Use the request ID and the job ID to check the status of the upgrade process.

   PCA-ADMIN> getupgradejobs
   Command: getupgradejobs
   Status: Success
   Time: 2023-01-24 21:23:22,117 UTC
   Data:
     id                               upgradeRequestId                           commandName   result
     --                               ----------------                           -----------   ------
     1642594274785-vault-29202        UWS-77bc0c30-7ff5-4c50-ad09-6f96907e22e1   vault         Passed
     1642593966208-etcd-6066          UWS-1ee38895-dedf-41c5-ab77-eebe294707ed   etcd          Passed
   
   PCA-ADMIN> getUpgradeJob upgradeJobId=1642594274785-vault-29202
   Command: getUpgradeJob upgradeJobId=1642594274785-vault-29202
   Status: Success
   Time: 2023-01-24 21:55:43,804 UTC
   Data:
     Upgrade Request Id = UWS-77bc0c30-7ff5-4c50-ad09-6f96907e22e1
     Name = vault
   [...]